[whatwg] Suggestion for a Specification: XUL Basic

Jose Dinuncio jdinunci at uc.edu.ve
Thu Jun 10 08:13:16 PDT 2004


El jue, 10-06-2004 a las 09:30, Ian Hickson escribió:
> On Thu, 10 Jun 2004, Jose Dinuncio wrote:
> >
> > But, web apps outside the browser are discarded? Here are my points in
> > favor:
> >
> > *) There is a need for WAOB: In intranets, security of the web app
> > downloaded is not a concern. In client-server applications, it would be
> > nice to download an always-up-to-date thin client every time you need
> > it.
> 
> How can you tell if the intranet content is trusted or not?

I don't see wich is the diference on security concerns between using an
intranet inside the browser vs. outside the browser. 


> > *) The cost of add this feature in the SPEC is not so big: It is Web
> > forms outside html. Substract CSS and add the window and layout tags,
> > and that's all.
> 
> I don't see why you have to substract CSS, but sure, actually doing a
> chromeless Web page is easy.


What I mean is, since web forms are not inside a html doc (in my wildest
dreams at least) there's not <table> or <p> or CSS to help you in the
componets layout. So the layout is determined by <hlayout>, <vlayout>
and friends.


> > *) The cost of implementation is near to zero: There are the same
> > widgets, the same renderer, the same communication mechanism behind
> > scenes.
> 
> Indeed.
> 
> 
> > *) Security: You can always click on "Don't open web apps outside the
> > browser window".
> 
> You can, but in practice it would have to be the default, since you
> wouldn't want to ship with a possible security hole.
> 
> 
> The biggest problem is simply: How can you tell that the content you have
> is trusted enough that it should be run without any of the browser chrome?


This is a problem that goes beyond any SPEC. The browser chrome won't
help you to determine what the app is doing behind scenes, anyway.

Security concerns are orthogonal to the web app being executed inside or
outside the browser.



PS: Can somebody configure the list to make the "reply to" send the
messages to whatwg and not to the original sender?

Thanks.

-- 
Jose Dinuncio <jdinunci at uc.edu.ve>
Universidad de Carabobo




More information about the whatwg mailing list